General

  • Target

    68e726006d3b3068052fc9b2a279e37fab73d388cf9bcf77e16239cce618ec2f

  • Size

    345KB

  • Sample

    220320-ds2n2afha2

  • MD5

    f70834fe1a4274b294051e4b3186c50d

  • SHA1

    05e1667608eb049ecf967fad03e1a2bcaec4f7fc

  • SHA256

    68e726006d3b3068052fc9b2a279e37fab73d388cf9bcf77e16239cce618ec2f

  • SHA512

    438f72f6f5dfdbace51080e34b8b70c5dbd039ebc103f5833c0dce1577b2baaa159bbcf4eb594b294d029d25a014140c013dc431cd8d9ba847397d9a55e29674

Targets

    • Target

      68e726006d3b3068052fc9b2a279e37fab73d388cf9bcf77e16239cce618ec2f

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
